Example 16 with RegisteredClient
use of org.springframework.security.oauth2.server.authorization.client.RegisteredClient in project spring-authorization-server by spring-projects.
the class OAuth2AuthorizationCodeAuthenticationProviderTests method authenticateWhenClientPrincipalNotAuthenticatedThenThrowOAuth2AuthenticationException.
@Test
public void authenticateWhenClientPrincipalNotAuthenticatedThenThrowOAuth2AuthenticationException() {
RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient.getClientId(), ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret(), null);
OAuth2AuthorizationCodeAuthenticationToken authentication = new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, null, null);
assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)).isInstanceOf(OAuth2AuthenticationException.class).extracting(ex -> ((OAuth2AuthenticationException) ex).getError()).extracting("errorCode").isEqualTo(OAuth2ErrorCodes.INVALID_CLIENT);
}
Also used :
OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException)
RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient)
Test(org.junit.Test)
Example 17 with RegisteredClient
use of org.springframework.security.oauth2.server.authorization.client.RegisteredClient in project spring-authorization-server by spring-projects.
the class OAuth2AuthorizationCodeRequestAuthenticationProviderTests method authenticateWhenConsentRequestInvalidPrincipalThenThrowOAuth2AuthorizationCodeRequestAuthenticationException.
@Test
public void authenticateWhenConsentRequestInvalidPrincipalThenThrowOAuth2AuthorizationCodeRequestAuthenticationException() {
RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).principalName(this.principal.getName().concat("-other")).build();
OAuth2AuthorizationCodeRequestAuthenticationToken authentication = authorizationConsentRequestAuthentication(registeredClient, this.principal).build();
when(this.authorizationService.findByToken(eq(authentication.getState()), eq(STATE_TOKEN_TYPE))).thenReturn(authorization);
assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)).isInstanceOf(OAuth2AuthorizationCodeRequestAuthenticationException.class).satisfies(ex -> assertAuthenticationException((OAuth2AuthorizationCodeRequestAuthenticationException) ex, OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.STATE, null));
}
Also used :
OAuth2Authorization(org.springframework.security.oauth2.server.authorization.OAuth2Authorization)
RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient)
Test(org.junit.Test)
Example 18 with RegisteredClient
use of org.springframework.security.oauth2.server.authorization.client.RegisteredClient in project spring-authorization-server by spring-projects.
the class OAuth2AuthorizationCodeRequestAuthenticationProviderTests method authenticateWhenPrincipalNotAuthenticatedThenReturnAuthorizationCodeRequest.
@Test
public void authenticateWhenPrincipalNotAuthenticatedThenReturnAuthorizationCodeRequest() {
RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
this.principal.setAuthenticated(false);
OAuth2AuthorizationCodeRequestAuthenticationToken authentication = authorizationCodeRequestAuthentication(registeredClient, this.principal).build();
OAuth2AuthorizationCodeRequestAuthenticationToken authenticationResult = (OAuth2AuthorizationCodeRequestAuthenticationToken) this.authenticationProvider.authenticate(authentication);
assertThat(authenticationResult).isSameAs(authentication);
assertThat(authenticationResult.isAuthenticated()).isFalse();
}
Also used :
RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient)
Test(org.junit.Test)
Example 19 with RegisteredClient
use of org.springframework.security.oauth2.server.authorization.client.RegisteredClient in project spring-authorization-server by spring-projects.
the class OAuth2AuthorizationCodeRequestAuthenticationProviderTests method authenticateWhenRequireAuthorizationConsentAndOnlyOpenidScopeRequestedThenAuthorizationConsentNotRequired.
@Test
public void authenticateWhenRequireAuthorizationConsentAndOnlyOpenidScopeRequestedThenAuthorizationConsentNotRequired() {
RegisteredClient registeredClient = TestRegisteredClients.registeredClient().clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build()).scopes(scopes -> {
scopes.clear();
scopes.add(OidcScopes.OPENID);
}).build();
when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
OAuth2AuthorizationCodeRequestAuthenticationToken authentication = authorizationCodeRequestAuthentication(registeredClient, this.principal).build();
OAuth2AuthorizationCodeRequestAuthenticationToken authenticationResult = (OAuth2AuthorizationCodeRequestAuthenticationToken) this.authenticationProvider.authenticate(authentication);
assertAuthorizationCodeRequestWithAuthorizationCodeResult(registeredClient, authentication, authenticationResult);
}
Also used :
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
OAuth2ParameterNames(org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
PkceParameterNames(org.springframework.security.oauth2.core.endpoint.PkceParameterNames)
OAuth2TokenGenerator(org.springframework.security.oauth2.server.authorization.OAuth2TokenGenerator)
OAuth2AuthorizationResponseType(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType)
ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq)
RegisteredClientRepository(org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository)
Assertions.assertThat(org.assertj.core.api.Assertions.assertThat)
HashMap(java.util.HashMap)
Mockito.spy(org.mockito.Mockito.spy)
Function(java.util.function.Function)
Supplier(java.util.function.Supplier)
OAuth2AuthorizationConsentService(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService)
HashSet(java.util.HashSet)
TestOAuth2Authorizations(org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations)
ArgumentCaptor(org.mockito.ArgumentCaptor)
Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy)
Map(java.util.Map)
OidcScopes(org.springframework.security.oauth2.core.oidc.OidcScopes)
OAuth2AuthenticationValidator(org.springframework.security.oauth2.core.authentication.OAuth2AuthenticationValidator)
ClientSettings(org.springframework.security.oauth2.server.authorization.config.ClientSettings)
Before(org.junit.Before)
OAuth2Authorization(org.springframework.security.oauth2.server.authorization.OAuth2Authorization)
ProviderSettings(org.springframework.security.oauth2.server.authorization.config.ProviderSettings)
RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient)
OAuth2AuthorizationConsent(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent)
OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)
Set(java.util.Set)
Test(org.junit.Test)
Mockito.times(org.mockito.Mockito.times)
Mockito.when(org.mockito.Mockito.when)
OAuth2ErrorCodes(org.springframework.security.oauth2.core.OAuth2ErrorCodes)
TestRegisteredClients(org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients)
OAuth2AuthorizationService(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService)
Mockito.verify(org.mockito.Mockito.verify)
Consumer(java.util.function.Consumer)
ProviderContextHolder(org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder)
Mockito.never(org.mockito.Mockito.never)
Principal(java.security.Principal)
OAuth2AuthorizationCode(org.springframework.security.oauth2.core.OAuth2AuthorizationCode)
OAuth2TokenType(org.springframework.security.oauth2.core.OAuth2TokenType)
OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error)
ProviderContext(org.springframework.security.oauth2.server.authorization.context.ProviderContext)
Authentication(org.springframework.security.core.Authentication)
Collections(java.util.Collections)
AuthorizationGrantType(org.springframework.security.oauth2.core.AuthorizationGrantType)
Mockito.mock(org.mockito.Mockito.mock)
RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient)
Test(org.junit.Test)
Example 20 with RegisteredClient
use of org.springframework.security.oauth2.server.authorization.client.RegisteredClient in project spring-authorization-server by spring-projects.
the class OAuth2AuthorizationCodeRequestAuthenticationProviderTests method authenticateWhenClientNotAuthorizedToRequestCodeThenThrowOAuth2AuthorizationCodeRequestAuthenticationException.
@Test
public void authenticateWhenClientNotAuthorizedToRequestCodeThenThrowOAuth2AuthorizationCodeRequestAuthenticationException() {
RegisteredClient registeredClient = TestRegisteredClients.registeredClient().authorizationGrantTypes(Set::clear).authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).build();
when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))).thenReturn(registeredClient);
OAuth2AuthorizationCodeRequestAuthenticationToken authentication = authorizationCodeRequestAuthentication(registeredClient, this.principal).build();
assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)).isInstanceOf(OAuth2AuthorizationCodeRequestAuthenticationException.class).satisfies(ex -> assertAuthenticationException((OAuth2AuthorizationCodeRequestAuthenticationException) ex, OAuth2ErrorCodes.UNAUTHORIZED_CLIENT, OAuth2ParameterNames.CLIENT_ID, authentication.getRedirectUri()));
}
Also used :
HashSet(java.util.HashSet)
Set(java.util.Set)
RegisteredClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient)
Test(org.junit.Test)
Aggregations
RegisteredClient (org.springframework.security.oauth2.server.authorization.client.RegisteredClient)223
Test (org.junit.Test)189
OAuth2Authorization (org.springframework.security.oauth2.server.authorization.OAuth2Authorization)127
OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException)68
Authentication (org.springframework.security.core.Authentication)59
Instant (java.time.Instant)55
Jwt (org.springframework.security.oauth2.jwt.Jwt)52
OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)50
OAuth2TokenType (org.springframework.security.oauth2.core.OAuth2TokenType)48
OAuth2ParameterNames (org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames)46
AuthorizationGrantType (org.springframework.security.oauth2.core.AuthorizationGrantType)45
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)44
Assertions.assertThatThrownBy (org.assertj.core.api.Assertions.assertThatThrownBy)44
OAuth2ErrorCodes (org.springframework.security.oauth2.core.OAuth2ErrorCodes)44
TestRegisteredClients (org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients)44
Before (org.junit.Before)41
ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)41
Mockito.mock (org.mockito.Mockito.mock)41
Mockito.verify (org.mockito.Mockito.verify)41
Mockito.when (org.mockito.Mockito.when)41
